Drupal 7 LDAP Project

Overview with Authentication and Authorization Examples

http://drupal.org/project/ldap

LDAP Project

• Complete rewrite of LDAP Integration for Drupal 4.7, 5.x, and 6.x

• New project with goal of stability with solid test coverage, accessibility, I18n support, object oriented, Features support, API base.

• RC Target for December• 7.x-1.x branch is active, -2.x is placeholder• Status at http://drupal.org/node/1115704

Modules• LDAP Servers. Stores connection information for ldap

servers and relationships between ldap and drupal users. Also contains api functions for LDAP project.

• LDAP Query. Stores individual queries that can be leveraged by other modules such as LDAP Feeds and LDAP Views.

• LDAP Authentication. Authentication and Drupal user account creation.

• LDAP Authorization. Conversion of ldap user data to drupal roles, organic groups and other authorization providers.

• LDAP Feeds. Fetchers for LDAP Queries and LDAP Users to integrate with feeds module.

• LDAP Views. Views module integration for LDAP Query result sets

• LDAP Help. Helper module for debugging configuration issues with other LDAP Modules.

LDAP Project Status 10/10/2011

Status Thread: http://drupal.org/node/1115704

LDAP Modules and Class Relationships

Prerequisites

http://drupal.org/node/1023900•ldap php extension•service account•mcrypt extension•open ssl or other ssl extension•use LDAP Help module for checking

LDAP Settings

LDAP Servers

• Server Configuration != Physical Server

• May want more than one server configuration per physical ldap server.

• LDAP Server module not an LDAP Server. Just a means to query it.

• Get LDAP Server details from sys admins

LDAP Server: Server Settings

LDAP Server: Binding

LDAP Server: User Relationship (1 of 2)

LDAP Server: User Relationship (2 of 2)

LDAP Authentication: Logon Options

LDAP Authentication: Account Conf

LDAP Authorization: Design for LDAP 7

LDAP Authorization: Design for Drupal 8

LDAP Authorization: Setup 1

1. Enable LDAP Authorization and LDAP Authorization Drupal Roles

2. Create Drupal Role Instance3. Part II most complicated

• IIA. cn=jdoe,ou=Group1,cn=example,cn=com

• IIB. memberOf => all groups in memberOf attribute

• IIC. Not sure what this is.4. Filtering. Required to avoid many groups. If

filtering off, create groups should also be off.5. IV.C has to do with what you want to do

manually.6. Test to see expected behavior

LDAP Authorization: Adding Consumers

Quite easy to add your own authorization consumers.

•Use ldap_authorization_drupal_role or ldap_authorization_og as examples/templates•hook_ldap_authorization_consumer() is for vocabulary of user interface:

function ldap_authorization_drupal_role_ldap_authorization_consumer() { $types['drupal_role'] = array( 'consumer_name' => t('drupal role'), 'consumer_name_plural' => t('drupal roles'), 'consumer_short_name' => t('role'), 'consumer_short_name_plural' => t('roles'), 'consumer_description' => t('A Drupal Role.'), 'consumer_class_name' => 'LdapAuthorizationConsumerDrupalRole', 'consumer_class_file' => 'LdapAuthorizationConsumerRole.class.php', 'consumer_module' => 'ldap_authorization_drupal_role', );

return $types;}

LDAP Authorization: Adding Consumers

Add class that extends LdapAuthorizationConsumerAbstract and provides at least the following methods and properties:

•consumerType

•refreshConsumerIDs()

•availableConsumerIDs()

•createConsumers($creates_mixed_case) (optional)

•revokeSingleAuthorization(&$user, $consumer_id, &$user_auth_data)

•grantSingleAuthorization(&$user, $consumer_id, &$user_auth_data)

•usersAuthorizations(&$user)

LDAP Feeds

For synching any ldap data with Drupal structures such as nodes, users, taxonomy, etc.

Includes 2 feeds fetchers:•FeedsLdapQueryFetcher for fetching generic ldap queries, configured by admins via the LDAP Query module.•FeedsDrupalUserLdapEntryFetcher for fetching ldap entries of drupal users who are ldap authenticated or otherwise ldap associated.

Includes 1 feeds parser:•FeedsLdapEntryParser that converts ldap entries array returned from ldap_search() to standard feed parser result format.

LDAP Query: Module for storing LDAP Queries used by other modules (LDAP Views, LDAP Feeds, etc).

LDAP Views: Views Integration

Resources

http://drupal.org/project/ldap Project Homepage